Privacy policy.

Who we are.

This Privacy Policy is issued by Vijaya Bhanu Engineering India Private Limited, trading as VB Group (together with its subsidiaries, affiliates and operating companies, "VB", "we", "us" or "our").

Our registered office is VB Brindavan, Plot No 101, Peri Sastry Street, opposite JP Convention Hall, Kardanur, Hyderabad, Telangana 502300, India. VB also operates from 633 E Fernhurst Dr, Unit #1001, Katy, Texas 77450, United States of America, and serves clients across 21+ countries.

For the purposes of the Digital Personal Data Protection Act, 2023 (India) ("DPDP Act") and any equivalent international data protection law applicable to a particular processing activity, VB acts as a Data Fiduciary (controller) in respect of the personal data described in this Policy.

Scope of this policy.

This Policy applies to personal data we collect when you:

• visit groupvb.com or any VB operating-company website (vbengg.com, wistwin.in, thevijai.com, thezentry.com, forgecore.in, dronavr.com, 360vista.app, dvsworks.com, vbmetaverse.com);
• engage with VB through email, telephone, video conference, in-person meetings, demos, proofs of concept or pilot deployments;
• use any VB product, platform, service or portal, including but not limited to Wistwin, Vijai, Zentry, Forgecore, Drona, 360Vista, DreamVerse and any META sub-brand;
• respond to a tender or supply goods or services to VB;
• apply for employment, internship, contract work or vendor empanelment with VB;
• interact with VB on social media platforms or attend a VB-hosted event.

This Policy does not cover the practices of third parties whose services we link to or integrate with. Their practices are governed by their own privacy notices, and VB accepts no responsibility for them.

Personal data we collect.

We may collect and process the following categories of personal data:

3.1 Identification and contact data

Full name, work email, work telephone, role, employer, business address, country, time zone.

3.2 Engagement data

Inquiry content, demo requests, project briefs, RFQ and RFP submissions, meeting notes, correspondence, photographs and recordings of meetings (where lawfully obtained), feedback and survey responses.

3.3 Platform usage data

When you use a VB platform, we process logs, telemetry, usage analytics, device identifiers, IP address, browser type, operating system, session duration, feature interaction, error reports and any content you upload, configure or generate within the platform.

3.4 Operational and industrial data

Where VB engineering or platform services are deployed at a client site, we may process plant configuration, asset registers, P&IDs, LiDAR scans, drawings, sensor telemetry, video frames (Vijai), entry events (Zentry) and workforce records (Forgecore). Subject to the contract with the client, this category may include personal data of the client’s employees, contractors or visitors.

3.5 Recruitment data

Where you apply for a role or pursue background verification queries, we collect identity documents, CVs, qualifications, employment history, references and the contents of any communications relating to your application or verification.

3.6 Marketing and event data

Subscription preferences, event attendance, content downloads and the contents of any marketing engagement you initiate with VB.

3.7 Sensitive categories

VB does not solicit special-category data (such as health data, biometric data, religious belief, sexual orientation or political opinion) except where (a) statutorily required to process it (e.g. EHS reporting), (b) you voluntarily provide it, or (c) the operation of a platform (such as Vijai) processes biometric or behavioural data on behalf of a client under a separate contract. In all such cases the data is processed only to the extent strictly necessary.

How we use your data.

We use personal data for the following purposes, each of which is supported by a lawful basis described in Section 05:

• responding to your inquiries, requests, demos and quotations;
• delivering engineering services, products, platforms, training and support that you or your employer have engaged VB to provide;
• operating, maintaining, improving and securing VB’s platforms and websites;
• conducting research, statistical analysis, benchmarking and product development, including the development of artificial intelligence and machine-learning models that improve VB’s services;
• marketing VB’s services, sharing industry analysis, sending briefings and inviting you to events;
• managing recruitment, vendor empanelment, tender administration and contract performance;
• protecting VB, our personnel, our clients and the public against fraud, misuse, security incidents and unauthorised access;
• complying with applicable law, court orders, lawful requests from authorities, tax obligations and audit requirements;
• establishing, exercising or defending legal claims.

Where personal data is processed to train AI or machine-learning systems, we apply de-identification or pseudonymisation to the extent technically reasonable.

Lawful basis.

VB processes personal data on the following bases, individually or in combination:

• Performance of a contract to which you, or the entity you represent, are a party;
• Compliance with a legal obligation applicable to VB;
• Consent, where you have voluntarily provided it (for example, by completing a marketing subscription form);
• Legitimate business interests of VB and its clients, including service delivery, security, fraud prevention, customer relationship management, product improvement and direct marketing to business contacts in roles relevant to VB’s offerings;
• Public interest, vital interest or legitimate use as recognised by the DPDP Act and applicable international law.

Where VB acts as a Data Processor on behalf of a client (for example, when operating a deployed Vijai or Zentry instance on the client’s premises), VB processes personal data strictly on the documented instructions of that client, except where compelled by law.

Sharing with affiliates and processors.

VB is a group company. We may share personal data among VB Group entities, operating companies, divisions and subsidiaries (including but not limited to VB Engineering, Wistwin, Vijai, Zentry, Forgecore, Drona, 360Vista, DreamVerse and the META family) where doing so supports the purposes set out in Section 04. All such sharing is governed by intra-group data processing arrangements that uphold the protections described in this Policy.

We engage qualified third-party processors, including cloud infrastructure providers, hosting providers, IT support providers, payment processors, professional advisors, communications platforms and marketing service providers. Each is engaged under a written contract that imposes confidentiality and data-protection obligations consistent with applicable law.

We may disclose personal data to authorities, regulators, courts, law-enforcement agencies, prospective acquirers, financial advisors, auditors, professional advisors and in connection with a merger, acquisition, restructuring or sale of all or part of VB’s business.

VB does not sell personal data.

International transfers.

VB operates from India and the United States and serves clients across 21+ countries. Personal data may therefore be transferred to, stored in and processed in jurisdictions outside your country of residence, including jurisdictions whose data-protection regime differs from your own.

By engaging with VB, providing personal data to VB or using a VB platform, you acknowledge and agree that personal data may be transferred internationally as required for the purposes set out in Section 04. Where the law of your jurisdiction requires specific safeguards (such as standard contractual clauses, adequacy decisions or supplementary measures), VB will adopt those safeguards.

Cookies and analytics.

Our websites use cookies, pixels, tags, local storage and similar technologies to enable site functionality, remember preferences, measure performance, analyse traffic and personalise content. We may use first-party and third-party analytics, including but not limited to Google Tag Manager, Google Analytics, LinkedIn Insight Tag and equivalent platforms.

You may control cookies through your browser settings. Disabling cookies may impair the functionality of certain parts of our websites. We do not currently respond to "Do Not Track" browser signals because no industry standard for processing such signals has been adopted at the time of writing.

How long we keep your data.

VB retains personal data for as long as is necessary to fulfil the purposes for which it was collected, including:

• the duration of any contract or commercial relationship with you or your employer, plus a reasonable tail period for warranty, dispute, audit, regulatory or recordkeeping purposes;
• the period required by applicable statute (including the Companies Act 2013, the Income-tax Act 1961, the Limitation Act 1963, the DPDP Act 2023, and equivalent USA statutes for USA-based operations);
• the period required to defend or pursue legal claims;
• archived backups and disaster-recovery snapshots, which may persist for additional fixed periods governed by VB’s information-security policies.

Where personal data is no longer required for any of the above purposes, we either delete it or de-identify it.

Your rights.

Subject to the conditions and exceptions set out in the DPDP Act 2023 and any other data-protection law applicable to your circumstances, you may have the following rights in respect of your personal data:

• Right to information regarding the personal data we process about you;
• Right to correction of inaccurate or incomplete personal data;
• Right to erasure of personal data, where the legal basis no longer applies and no statutory retention obligation requires us to retain it;
• Right to nominate another individual to exercise your rights in the event of your death or incapacity;
• Right to grievance redressal through the contact channel set out in Section 14;
• Right to withdraw consent, where processing is based on your consent (withdrawal does not affect the lawfulness of any processing carried out prior to withdrawal).

VB will respond to verified requests within the timeframes prescribed by applicable law. We reserve the right to verify your identity before responding to any request. Where a request is manifestly unfounded, excessive or repetitive, VB may charge a reasonable fee or refuse to act on it, to the extent permitted by law.

For details specific to the Indian DPDP Act 2023, see our dedicated DPDP Act notice.

Security.

VB applies technical and organisational security measures designed to protect personal data against unauthorised access, accidental loss, alteration, disclosure or destruction. Measures include access controls, encryption in transit, encryption at rest where appropriate, logging, monitoring, network segmentation, regular vulnerability testing, employee training and incident response procedures.

No system is impenetrable. Personal data shared with VB is transmitted at your own risk. In the event of a personal data breach affecting your data, VB will notify you to the extent required by applicable law and on the timeline that applicable law prescribes.

Children’s data.

VB’s services are directed at industrial organisations and business contacts. We do not knowingly process personal data of children (as defined under the DPDP Act 2023 or equivalent applicable law). If you believe a child’s personal data has been provided to VB without verifiable parental or guardian consent, please contact our grievance officer (see Section 14) and we will take appropriate action.

Changes to this policy.

VB reserves the right to amend this Policy from time to time, in whole or in part, with or without notice, to reflect changes to law, our services, our operations or industry practice. The "Last updated" date at the top of this page indicates the date of the most recent revision. Where a change is material, VB will take reasonable steps to bring it to your attention. Your continued use of VB’s websites, services and platforms following any update constitutes acceptance of the revised Policy.

Contact and grievance.

For privacy queries, to exercise your rights or to escalate a grievance, please contact our Data Protection Officer: